Format: 1.8 Date: Wed, 04 Oct 2017 09:02:01 -0400 Source: curl Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: i386 all Version: 7.35.0-1ubuntu2.11 Distribution: trusty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb) libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.35.0-1ubuntu2.11) trusty-security; urgency=medium . * SECURITY UPDATE: printf floating point buffer overflow - debian/patches/CVE-2016-9586.patch: fix floating point buffer overflow issues in lib/mprintf.c, added test to tests/data/test557, tests/libtest/lib557.c. - CVE-2016-9586 * SECURITY UPDATE: TFTP sends more than buffer size - debian/patches/CVE-2017-1000100.patch: reject file name lengths that don't fit in lib/tftp.c. - CVE-2017-1000100 * SECURITY UPDATE: URL globbing out of bounds read - debian/patches/CVE-2017-1000101.patch: do not continue parsing after a strtoul() overflow range in src/tool_urlglob.c, added test to tests/data/Makefile.am, tests/data/test1289. - CVE-2017-1000101 * SECURITY UPDATE: FTP PWD response parser out of bounds read - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path even on bad input in lib/ftp.c, added test to tests/data/Makefile.am, tests/data/test1152. - CVE-2017-1000254 * SECURITY UPDATE: --write-out out of buffer read - debian/patches/CVE-2017-7407-1.patch: fix a buffer read overrun in src/tool_writeout.c added test to tests/data/Makefile.am, tests/data/test1440, tests/data/test1441. - debian/patches/CVE-2017-7407-2.patch: check for end of input in src/tool_writeout.c added test to tests/data/Makefile.am, tests/data/test1442. - CVE-2017-7407 Checksums-Sha1: 739f3999d9abfb9bea9e8a1883e41677e0989f26 122608 curl_7.35.0-1ubuntu2.11_i386.deb e4b05971930a634a0ea58d34f31d577c06a5a038 958 curl-udeb_7.35.0-1ubuntu2.11_i386.udeb 068800bdbd6794c142c9da5fa9b7de151d658f9b 175108 libcurl3_7.35.0-1ubuntu2.11_i386.deb 5e13390a330c7b9877a0a88d77e87934e1a36e5d 840 libcurl3-udeb_7.35.0-1ubuntu2.11_i386.udeb beadef4396e569b2b23a001b6b34dffd1ffd7c3a 167666 libcurl3-gnutls_7.35.0-1ubuntu2.11_i386.deb f2a6f2be3327b9082737a84a5c20e8f60b83783c 177938 libcurl3-nss_7.35.0-1ubuntu2.11_i386.deb d8d433482f72150a67ce6aa7c4650ec669dc6ac3 231000 libcurl4-openssl-dev_7.35.0-1ubuntu2.11_i386.deb 100e22de9b3df8b986bced037c3d420b40664502 223816 libcurl4-gnutls-dev_7.35.0-1ubuntu2.11_i386.deb 9453c37372300bc3b9171425cf589bcc913300c7 234814 libcurl4-nss-dev_7.35.0-1ubuntu2.11_i386.deb e89e20aa1962c538141e43636e360b5176d2e3bc 3110044 libcurl3-dbg_7.35.0-1ubuntu2.11_i386.deb 5c221258c5f848909cd8549960afc39e3d2cbd48 926980 libcurl4-doc_7.35.0-1ubuntu2.11_all.deb 14ebac6e8e2d45964e81d4a8c695476662869fc7 1086 curl-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 566c59b7d319c11361195988ee7cb1d128f74a3d 986 curl-udeb-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb b7397d3d6e0a7dda1832f776e8e800133cb575db 1202 libcurl3-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 7c6323006901caa6bb791155d98940a2a50dcc7f 902 libcurl3-udeb-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb a2919d76f741c75d4178187731b1e1c4246b2bb9 1208 libcurl3-gnutls-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 720469c64b08d2f79313da270ce348d502688865 1206 libcurl3-nss-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb b22df15d8e4b9a6deeaf2fbc121168c31fbe7a14 1288 libcurl4-openssl-dev-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb ef52712bf9e0731eeee4cace5113e248335c91d3 1288 libcurl4-gnutls-dev-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 2cb8901e336986924f801469991852163d87f2f1 1282 libcurl4-nss-dev-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb Checksums-Sha256: 5bc9d6d8e3ae1b7416da54c49e751b357b2b91b564f6af9133fd7422defcf7f6 122608 curl_7.35.0-1ubuntu2.11_i386.deb 11dca3ce411f1228049a2f5a54dc416ada641997b95446bb547f691ff75b5826 958 curl-udeb_7.35.0-1ubuntu2.11_i386.udeb a368fe009ddced9628413f1d415257fcc98fcc4532026d6f444968280220f1b0 175108 libcurl3_7.35.0-1ubuntu2.11_i386.deb 9264b4e9ff5a665713f97adcbfebdce4b9ab74fa674c8362d9dd55a1c963a5ea 840 libcurl3-udeb_7.35.0-1ubuntu2.11_i386.udeb a72e924c04ba431fe3c7275b8896c4892ab325faf589a71353bd42e931237038 167666 libcurl3-gnutls_7.35.0-1ubuntu2.11_i386.deb b5c1b5fcad35a945ba4c9e91b4f806a17f734631d206f0044849cabcb026b61f 177938 libcurl3-nss_7.35.0-1ubuntu2.11_i386.deb cad3cc0cb09f9327fe1105be2ad745122ff0b891e6b820a304b3dd1f6314bfbc 231000 libcurl4-openssl-dev_7.35.0-1ubuntu2.11_i386.deb 51bfdf48bd84162101c845b113dbfdabe89f05124de9a4dc613e97f8e7cfcd14 223816 libcurl4-gnutls-dev_7.35.0-1ubuntu2.11_i386.deb 857a180aa9ae5dbddb548b8a0edfeabe770992364f47f025afb0bb411b3509e7 234814 libcurl4-nss-dev_7.35.0-1ubuntu2.11_i386.deb 6037b64707001537152486e62a7d4737a9c5dd08d5e90a5c0d934cab56ddf553 3110044 libcurl3-dbg_7.35.0-1ubuntu2.11_i386.deb a0e9913eb28048fcfb7868ead38697158dd6c5f38ef4a8f52ad975b1ea7c079c 926980 libcurl4-doc_7.35.0-1ubuntu2.11_all.deb ae66a79e59843f3fc1fde6968496dda850ec0dca4a84d73f897bc712566912b5 1086 curl-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 32c6ea18cebc764e5229213535f11ecc9d544d4d789cbb7b0539be8a78229332 986 curl-udeb-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb e2ec6ddff6b983a49c4f7b9a7f098af6d58f15e0e037eede7de19f1b5e0ef984 1202 libcurl3-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 3284252cdb4c1197827419b9313bbdb5eae59e80b663c6095ba36e8f1b14bda0 902 libcurl3-udeb-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 6eae0af7d2ed8516eae060f6988bf1b4589b0d085967a1f962f6876d2a86ca20 1208 libcurl3-gnutls-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 0bf11675a1bdd220f1cb165304550d368b2af681b9f7e2a5aac1c19eaf7eaceb 1206 libcurl3-nss-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb ace62d9b399010a1d4d32afbf79809372569c6bc2430cc2cf653adfbe184d549 1288 libcurl4-openssl-dev-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 3d6c3843058f80877c54674fd8d606f37fe500f40b9386a200cae3c050199435 1288 libcurl4-gnutls-dev-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 277c71f33d9b3faeecc1f01592cdf6c0d96b4a0fdad3fc23dec864002da2edfc 1282 libcurl4-nss-dev-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb Files: 2d23e2ea68aba355f0a7192bdaa26f8d 122608 web optional curl_7.35.0-1ubuntu2.11_i386.deb a3c9fc30f48510dfa81d57921d89e565 958 debian-installer optional curl-udeb_7.35.0-1ubuntu2.11_i386.udeb c93195ebdaa2fba9acff8e93fe849e03 175108 libs optional libcurl3_7.35.0-1ubuntu2.11_i386.deb 185365f35eb56d8ffe2edf1fe53e5c06 840 debian-installer optional libcurl3-udeb_7.35.0-1ubuntu2.11_i386.udeb 3600e36fca3827991300602313eadf46 167666 libs optional libcurl3-gnutls_7.35.0-1ubuntu2.11_i386.deb 4b6dfbd1e3bf8bdd24fd9ef3e2615251 177938 libs optional libcurl3-nss_7.35.0-1ubuntu2.11_i386.deb 8358b00701164def727c88ba79bc4533 231000 libdevel optional libcurl4-openssl-dev_7.35.0-1ubuntu2.11_i386.deb 5504423108206f4e9285349841e5e10b 223816 libdevel optional libcurl4-gnutls-dev_7.35.0-1ubuntu2.11_i386.deb 7859ff2f2b885a91b0b6683de4febeed 234814 libdevel optional libcurl4-nss-dev_7.35.0-1ubuntu2.11_i386.deb f7901a5e0c3778bc06273e18798c7fd5 3110044 debug extra libcurl3-dbg_7.35.0-1ubuntu2.11_i386.deb 1dfbde30eaa6d4cb98b0b1a32f4ae265 926980 doc optional libcurl4-doc_7.35.0-1ubuntu2.11_all.deb 2e624ec63ac72b3fb533b066744920c3 1086 web extra curl-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb f3d19e051206f26cc22aa52f9e9c1714 986 debian-installer extra curl-udeb-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 8ca8568ceeba6ba31f934dc06f91e905 1202 libs extra libcurl3-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 7a6afd6c64ab30cc468aa76db2dc8369 902 debian-installer extra libcurl3-udeb-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 3f9d34be68b070a851e91c9dbc5b8f9d 1208 libs extra libcurl3-gnutls-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 2803f6a7d4d256ab059acf9eac146988 1206 libs extra libcurl3-nss-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 56a0250bf64fe86eefb66875739ca957 1288 libdevel extra libcurl4-openssl-dev-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 393854e2334c9ca4f1043a9efb3190b3 1288 libdevel extra libcurl4-gnutls-dev-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb 9d6d7927283a32b336681f2d1ecc3657 1282 libdevel extra libcurl4-nss-dev-dbgsym_7.35.0-1ubuntu2.11_i386.ddeb Original-Maintainer: Alessandro Ghedini Package-Type: udeb